The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation.
"Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly disruptions to operations and the destruction or exfiltration of sensitive information," the State Department said.
"More than $144 million in ransom payments have been made to recover from LockBit ransomware events."
The development comes as a sweeping law enforcement operation led by the U.K. National Crime Agency (NCA) disrupted LockBit, a Russia-linked ransomware gang that has been active for more than four years, wreaking havoc on business and critical infrastructure entities around the world.
Ransomware-as-a-service (RaaS) operations like LockBit extort companies by stealing their sensitive data and encrypting it, a lucrative business model for Russian e-crime groups that act with impunity because they sit outside the jurisdiction of Western law enforcement.
The core developers tend to tap into a network of affiliates who are recruited to carry out the attacks using LockBit's malicious software and infrastructure. The affiliates, in turn, are known to purchase access to targets of interest using initial access brokers (IABs).
"LockBit rose to be the most prolific ransomware group since Conti departed the scene in mid-2022," Chester Wisniewski, global field CTO at Sophos, said.
"The frequency of their attacks, combined with having no limits to what type of infrastructure they cripple has also made them the most destructive in recent years. Anything that disrupts their operations and sows distrust amongst their affiliates and suppliers is a huge win for law enforcement."
LockBit is also known to be the first ransomware group to announce a bug bounty program in 2022, offering rewards of up to $1 million for finding security issues in website and locker software.
"LockBit's operation grew in scale by consistently delivering new product features, providing good customer support, and at times, marketing stunts that included paying people to tattoo themselves with the group's logo," Intel 471 said.
"LockBit flipped the script, letting its affiliates collect the ransom and trusting them to pay it a portion. This made affiliates confident that they were not going to lose out on a payment, thus attracting more affiliates."
SecureWorks Counter Threat Unit (CTU), which is tracking the group under the name Gold Mystic, said it investigated 22 compromises featuring LockBit ransomware from July 2020 through January 2024, some of which relied solely on data theft to extort victims.
The cybersecurity company further pointed out that LockBit's practice of ceding control to its affiliates to handle ransom negotiation and payments allowed the syndicate to scale up and draw several affiliates over the years.
LockBit's takedown followed a months-long investigation that commenced in April 2022, leading to the arrest of three affiliates in Poland and Ukraine, the indictment in the U.S. of two other alleged members, as well as the seizure of 34 servers and 1,000 decryption keys that can help victims recover their data without making any payment.
These arrests include a 38-year-old man in Warsaw and a "father and son" duo from Ukraine. LockBit is estimated to have employed about 194 affiliates between January 31, 2022, and February 5, 2024, with the actors using a bespoke data exfiltration tool known as StealBit.
"StealBit is an example of LockBit's attempt to offer a full 'one-stop shop' service to its affiliates," the NCA said, adding that the executable is used to export the data through the affiliate's own infrastructure before StealBit's, in a likely effort to evade detection.
That said, the fluid structure of these RaaS brands means that shutting them down may not decisively impact the criminal enterprise, allowing them to regroup and resurface under a different name. If the recent history of similar takedowns is any indication, it won't be long before they rebrand and continue from where they left off.
"Comprehensive degradation of LockBit's infrastructure will likely result in a short cessation in activity from LockBit operatives before they resume operations – either under the LockBit name or an alternative banner," ZeroFox said.
"Even if we don't always get a complete victory, like has happened with QakBot, imposing disruption, fueling their fear of getting caught and increasing the friction of operating their criminal syndicate is still a win," Wisniewski added. "We must continue to band together to raise their costs ever higher until we can put all of them where they belong – in jail."